When reviewing incidents on the Symantec Endpoint Detection and Response (SEDR) appliance, it is noted that a new incident is created that contains events from the same date and time as those in a previously closed incident.  The incident continues to get generated even though the incident is repeatedly closed.

A SEP client policy has become corrupted.

Update the SEP client policy for the client(s) in question.

For details, see the following topic in the SEP Installation and Administration Guide:: 

• Updating client policies